How could I add SHA1 certificate in already signed catalog file

  • Question

  • Hello,

    My company wants to use one driver package in Windows 7, 8 and 10. We signed a *.sys file with our SHA1 certificate (we signed the file with both SHA1 and SHA256 algorithms) and submitted it to Microsoft Hardware Center. The submission was successful and we got a *.sys file with three signatures. Two signatures are ours and the third one is from Microsoft. The catalog file contained just one signature from Microsoft. To use the package in Windows 7 I added our signatures to the catalog file, but DPInst.exe could not find any valid digital signature in the file. SignTool also could not find our two signatures. It shows our certificate in the Certificate Chain but could not find the signatures.

    Below are the commands which I use to sign a file. It works fine if I sign a file before submitting it to Hardware Dev Center but doesn't work if I try to run the commands after submission.

    SignTool.exe sign /ac MSCrossCert.cer /fd sha1 /t <file_path>

    SignTool.exe sign /ac MSCrossCert.cer /fd sha256 /tr /as <file_path>

    What command do we need to run to add our certificate to an already signed file which contains a Microsoft signature?

    Thank you

    Wednesday, March 16, 2016 1:51 AM